McAfee, Inc. Network Security Platform Sensor M-1250, M-1450, M-2750, M-2850, M-2950, M-3050, M-4050, and M-6050 Non-Proprietary Security Policy Version 3.0 February 4, 2016 Copyright McAfee, Inc. 2016. May be reproduced only in its original entirety [without revision]. TABLE OF CONTENTS 1  MODULE OVERVIEW ....................................................................................................................................3  2  SECURITY LEVEL ..........................................................................................................................................7  3  MODE OF OPERATION .................................................................................................................................8  3.1  FIPS APPROVED MODE OF OPERATION............................................................................................................8  4  PORTS AND INTERFACES ..........................................................................................................................10  5  IDENTIFICATION AND AUTHENTICATION POLICY .........................................................................15  6  ACCESS CONTROL POLICY ......................................................................................................................17  6.1  ROLES AND SERVICES ....................................................................................................................................17  6.2  DEFINITION OF CRITICAL SECURITY PARAMETERS (CSPS) ............................................................................18  6.3  DEFINITION OF PUBLIC KEYS: ........................................................................................................................19  6.4  DEFINITION OF CSPS MODES OF ACCESS .......................................................................................................20  7  OPERATIONAL ENVIRONMENT ..............................................................................................................21  8  SECURITY RULES.........................................................................................................................................21  9  PHYSICAL SECURITY POLICY .................................................................................................................22  9.1  PHYSICAL SECURITY MECHANISMS ...............................................................................................................22  9.2  OPERATOR REQUIRED ACTIONS .....................................................................................................................22  10  MITIGATION OF OTHER ATTACKS POLICY .......................................................................................25  Page 2 1 Module Overview The Network Security Platform Sensor M-1250, M-1450, M-2750, M-2850, M-2950, M-3050, M-4050, and M-6050 consists of the following multi-chip standalone platforms/configurations:  M-1250 (HW P/N M-1250 Version 1.10; FIPS Kit P/N IAC-FIPS-KT2)  M-1450 (HW P/N M-1450 Version 1.10; FIPS Kit P/N IAC-FIPS-KT2)  M-2750 (HW P/N M-2750 Version 1.50; FIPS Kit P/N IAC-FIPS-KT2)  M-2850 (HW P/N M-2850 Version 1.00; FIPS Kit P/N IAC-FIPS-KT2)  M-2950 (HW P/N M-2950 Version 1.00; FIPS Kit P/N IAC-FIPS-KT2)  M-3050 (HW P/N M-3050 Version 1.20; FIPS Kit P/N IAC-FIPS-KT2)  M-4050 (HW P/N M-4050 Version 1.20; FIPS Kit P/N IAC-FIPS-KT7)  M-6050 (HW P/N M-6050 Version 1.40; FIPS Kit P/N IAC-FIPS-KT7) All module configurations include FW Version 8.1.15.10. They are all Intrusion Prevention Systems (IPS) and Intrusion Detection Systems (IDS) designed for network protection against zero-day, DoS/DDoS, encrypted and SYN Flood attacks, and real- time prevention of threats like spyware, malware, VoIP vulnerabilities, phishing, botnets, network worms, Trojans, and peer-to-peer applications. The cryptographic boundary of each platform is the outer perimeter of the enclosure, including the power supplies and fan trays (removable and non-removable), as described below:  M-1250/M-1450: The power supplies and fan trays are non-removable.  M-2750/M-2850/M-2950: The removable fan trays are protected with tamper labels (see Figure 14). The removable power supplies are excluded from FIPS 140-2 requirements, as they are non-security relevant.  M-3050/M-4050/M-6050: The removable power supplies and fan trays are excluded from FIPS 140-2 requirements, as they are non-security relevant. Figures 1 through 5 show the module configurations and their cryptographic boundaries. Page 3 Figure 1 – Image of the M-1250/M-1450 Figure 2 – Image of the M-2750 Page 4 Figure 3 – Image of the M-2850/M-2950 Figure 4 – Image of the M-3050/M-4050 Page 5 Figure 5 – Image of the M-6050 Page 6 2 Security Level The cryptographic module meets the overall requirements applicable to Level 2 security of FIPS 140-2. Table 1 specifies the levels met for specific FIPS 140-2 areas. Table 1 - Module Security Level Specification Security Requirements Section Level Cryptographic Module Specification 2 Module Ports and Interfaces 2 Roles, Services and Authentication 2 Finite State Model 2 Physical Security 2 Operational Environment N/A Cryptographic Key Management 2 EMI/EMC 2 Self-Tests 2 Design Assurance 3 Mitigation of Other Attacks N/A Page 7 3 Mode of Operation 3.1 FIPS Approved Mode of Operation The module only supports a FIPS Approved mode of operation. An operator can obtain the FIPS mode indicator by executing the “show” or “status” CLI command, which returns the module’s firmware version, HW version, etc. The firmware and hardware versions must match the FIPS validated versions located on the CMVP website. Approved Algorithms The module supports the following FIPS Approved algorithms:  AES CBC and ECB mode with 128, & 256 bits for encryption and decryption (Cert. #3155)  Block Cipher (CTR) DRBG using AES 256 (Cert. #648)  HMAC SHA-1, SHA-256, and SHA-512 for message authentication (Cert. #1988) (Note: The minimum HMAC key size is 20 bytes.)  FIPS 186-4 RSA PSS with 2048 bit keys for key generation, signature generation with SHA-256 and SHA-512, and signature verification with SHA-1, SHA-256, and SHA-512 (Cert. #1598)  SHA-1, SHA-256, and SHA-512 for hashing (Cert. #2610) (Note: SHA-1 validated for use in TLS and verification-purposes only.)  FIPS 186-4 XYSSL RSA PKCS #1 1.5 SigVer with 2048 bit keys using SHA-1 and SHA-256 for image verification (Cert. #1824)  XYSSL SHA-1 and SHA-256 for hashing and for use with image verification (Cert. #2922)  TLS v1.0/1.1 KDF for TLS session key derivation (CVL Cert. #407)  SSH KDF for SSH session key derivation (CVL Cert. #408) Allowed Algorithms and Protocols The module supports the following FIPS allowed algorithms and protocols:  NDRNG for seeding the Block Cipher (CTR) DRBG.  RSA with 2048-bit keys for key wrapping (key establishment methodology provides 112 bits of encryption strength)  Diffie-Hellman with 2048-bit keys for key agreement (key establishment methodology provides 112 bits of encryption strength)  TLS v1.0 with the following algorithm tested cipher suites. The protocol algorithms have been tested by the CAVP (see certificate #s above) but the protocol implementation itself has not been reviewed or tested by the CAVP or CMVP. o TLS_RSA_WITH_AES_128_CBC_SHA for communication with Network Security Platform (NSP) Manager (Note: This is restricted to RSA-2048) Page 8  SSH v2 with the following algorithm tested cipher suites. The protocol algorithms have been tested by the CAVP (see certificate #s above) but the protocol implementation itself has not been reviewed or tested by the CAVP or CMVP. o Key Exchange methods (i.e., key establishment methods): Diffie-hellman- group14-SHAl o Public Key methods (i.e., authentication methods):SSH-RSA (Note: This is restricted to RSA-2048) o Encryption methods: AES128-CBC, AES256-CBC o MAC methods: HMAC-SHA1, HMAC-SHAl-96, HMAC-SHA256, HMAC SHA-512 Non-Approved Algorithms and Protocols with No Security Claimed The module supports the following non-Approved but allowed algorithms and protocols with no security claimed:  MD5 used to identify “fingerprint” of potential malware using Global Threat Information (GTI) database (used internal to the module only). Non-Approved algorithms (no security claimed): MD5  SNMPv3 is used as a plaintext transport mechanism with no security claimed. All CSP content in this SNMPv3 channel is additionally key wrapped and signed by NSM to ensure integrity and decrypted in sensor using the sensor TLS private key. Non-CSP SNMPv3 content is deemed plaintext. Non-Approved algorithms (no security claimed): HMAC (non-compliant), SHA (non-compliant), AES (non-compliant), Triple-DES (non- compliant), MD5, DES, SNMP KDF (non-compliant)  The following algorithms are implemented independently from all validated cryptographic code in the module and are used to analyze the network stream for malware and malicious network attacks in accordance with the functionality of the product. For the reasoning stated above, this functionality is allowed in the FIPS Approved mode of operation. o Decryption - SSLv2 - Cipher suites:  SSL_CK_RC4_128_WITH_MD5  SSL_CK_RC4_128_EXPORT40_WITH_MD5  SSL_CK_DES_64_CBC_WITH_MD5  SSL_CK_DES_192_EDE3_CBC_WITH_MD5 - Non-Approved algorithms (no security claimed): Triple-DES (non- compliant), HMAC (non-compliant), RC4, MD5, DES o Decryption - SSLv3/TLS - Cipher suites:  SSL/TLS_NULL_WITH_NULL_NULL  SSL/TLS_RSA_WITH_NULL_MD5  SSL/TLS_RSA_WITH_NULL_SHA  SSL/TLS_RSA_WITH_RC4_128_MD5  SSL/TLS_RSA_WITH_RC4_128_SHA  SSL/TLS_RSA_WITH_DES_CBC_SHA  SSL/TLS_RSA_WITH_3DES_EDE_CBC_SHA  SSL/TLS_RSA_WITH_AES_128_CBC_SHA  SSL/TLS_RSA_WITH_AES_256_CBC_SHA Page 9 - Non-Approved algorithms (no security claimed): RSA (non-compliant), SHA (non-compliant), Triple-DES (non-compliant), HMAC (non-compliant), RC4, MD5, DES 4 Ports and Interfaces The module supports the following communication channels with the Network Security Platform (NSP) Manager:  Install channel: Only used to associate a Sensor with the NSM. They use a “shared secret”. NSM listening on port 8501.  Trusted Alert/Control channel (TLS): NSM listening on port 8502  Trusted Packet log channel (TLS): NSM listening on port 8503  Command channel (SNMPv3, plaintext): Sensor listening to 3rd Party SNMP clients on port 8500  Bulk transfer channel (All output is encrypted): NSM listening on port 8504  Trusted Authentication Gateway channel (TLS): uses same crypto context as Alert/Control channel. NSM listening on port 8502. The Figures below depict the port and connector configuration on each module platform. Figure 6 – M-1250/1450 Front and Rear Panels Table 2 – M-1250/1450 Ports and Connectors Item Physical Ports Logical Interfaces Qty. 1 RJ-45 10/100/1000 Management port Control Input, Data Output, Status 1 Output 2 RJ-45 Response port Data Output 1 3 RS-232C Console port Control Input, Status Output 1 4 RS-232C Auxiliary port Control Input, Status Output 1 5 RJ-45 10/100/1000 Ethernet Data Input, Data Output 8 Monitoring ports 6 External Compact Flash port Data Input 1 7 Power supply A Power Input 1 N/A LEDs Status Output many Page 10 Figure 7 – M-2750 Front and Rear Panels 11 Table 3 – M-2750 Ports and Connectors Item Physical Ports Logical Interfaces Qty. 1 RJ-45 10/100/1000 Management Control Input, Data Output, Status 1 port Output 2 RS-232C Console port Control Input, Status Output 1 3 RS-232C Auxiliary port Control Input, Status Output 1 4 RJ-11 Fail-Open Control ports Data Input, Power Output 10 5 SFP 1-GigE Monitoring ports Data Input, Data Output 20 6 External Compact Flash port Data Input 1 7 Front panel LEDs Status Output 4 8 Power supply A (included) Power Input 1 9 Power supply B (optional; sold Power Input 1 separately) 10 Back panel LEDs Status Output 5 11 RJ-45 Response port Data Output 1 Page 11 Figure 8 – M-2850/2950 Front and Rear Panels 13 Table 4 – M-2850/2950 Ports and Connectors Item Physical Ports Logical Interfaces Qty. 1 RJ-45 10/100/1000 Management Control Input, Data Output, Status 1 port Output 2 RS-232C Console port Control Input, Status Output 1 3 RS-232C Auxiliary port Control Input, Status Output 1 4 RJ-11 Fail-Open Control ports Data Input, Power Output 6 5 SFP 1-GigE Monitoring ports Data Input, Data Output 12 6 External Compact Flash port Data Input 1 7 Front panel LEDs Status Output 4 8 RJ 45 10/100/1000 Ethernet Data Input, Data Output 8 Monitoring ports 9 Bypass LEDs Status Output 4 10 Power supply A (included) Power Input 1 11 Power supply B (optional; sold Power Input 1 separately) 12 Back panel LEDs Status Output 5 13 RJ-45 Response port Data Output 1 Page 12 Figure 9 – M-3050/4050 Front and Rear Panels Table 5 – M-3050/4050 Ports and Connectors Item Physical Ports Logical Interfaces Qty. 1 Power Supply A Power Input 1 2 Power Supply B Power Input 1 3 RS-232C Console port Control Input, Status Output 1 4 RS-232C Auxiliary port Control Input, Status Output 1 5 RJ-11 Fail-Open Control ports Data Input, Power Output 6 6 SFP GigE Monitoring ports Data Input, Data Output 8 7 XFP 10 GigE Monitoring ports Data Input, Data Output 4 8 Compact Flash port Data Input 1 9 RJ-45 Response port Data Output 1 10 10/100/1000 Management port Control Input, Data Output, Status 1 Output 11 Back panel LEDs Status Output 3 N/A Front panel LEDs Status Output many Page 13 Figure 10 – M-6050 Front and Rear Panels Table 6 – M-6050 Ports and Connectors Item Physical Ports Logical Interfaces Qty. 1 RJ-45 10/100/1000 Management port Control Input, Data Output, Status 1 Output 2 RS-232C Console port Control Input, Status Output 1 3 RS-232C Auxiliary port Control Input, Status Output 1 4 SFP GigE Monitoring ports Data Input, Data Output 8 5 XFP GigE Monitoring ports Data Input, Data Output 8 6 RJ-45 Response port Data Output 1 7 RJ-11 Fail-Open Control ports Data Input, Power Output 8 8 External Compact Flash port Data Input 1 9 Power Supply A Power Input 1 10 Power Supply B Power Input 1 11 Back panel LEDs Status Output 3 N/A Front panel LEDs Status Output many Page 14 5 Identification and Authentication Policy The cryptographic module supports three distinct “User” roles (Admin, Sensor Operator(s), and 3rd Party SNMP Client(s)) and one “Cryptographic Officer” role (Network Security Platform Manager). Table 7 lists the supported operator roles along with their required identification and authentication techniques. Table 8 outlines each authentication mechanism and the associated strengths. Table 7 - Roles and Required Identification and Authentication Role Type of Authentication Authentication Data Admin Role-based operator Username and Password authentication Sensor Operator(s) Role-based operator Username and Password authentication Network Security Platform Role-based operator Digital Certificate Manager (Cryptographic Officer) authentication 3rd Party SNMP Client(s) Role-based operator Username, Privacy and authentication Authentication key Table 8 – Strengths of Authentication Mechanisms Authentication Mechanism Strength of Mechanism Username and Password The password is an alphanumeric string of a minimum of fifteen (15) characters chosen from the set of ninety-three (93) printable (Admin and Sensor and human-readable characters. Whitespace and “?” are not Operator(s)) allowed. New passwords are required to include 2 uppercase characters, 2 lowercase characters, 2 numeric characters, and 2 special characters. The probability that a random attempt will succeed or a false acceptance will occur is 1/{(10^2)*(26^4)*(31^2)*(93^7)}, which is less than 1/1,000,000. After three (3) consecutive failed authentication attempts, the module will enforce a one (1) minute delay prior to allowing retry. Additionally, the module only supports 5 concurrent SSH sessions. Thus, the probability of successfully authenticating to the module within one minute through random attempts is (3*5)/ {(10^2)*(26^4)*(31^2)*(93^7)}, which is less than 1/100,000. Page 15 Authentication Mechanism Strength of Mechanism Digital Certificate RSA 2048-bit keys using SHA-256 are used for the signing (in isolated McAfee laboratory) and verification (by sensor) of digital signatures. The probability that a random attempt will succeed or a false acceptance will occur is 1/2^112, which is less than 1/1,000,000. The module can only perform one (1) digital certificate verification per second. The probability of successfully authenticating to the module within one minute through random attempts is 60/2^112, which is less than 1/100,000. Username, Privacy and The privacy key and authentication key together make an Authentication Key alphanumeric string of a minimum of sixteen (16) characters chosen from the set of sixty-two (62) numbers, lower case letters, and upper case letters. The probability that a random attempt will succeed or a false acceptance will occur is 1/62^16, which is less than 1/1,000,000. The module will allow approximately one (1) attempt per millisecond, meaning that 60,000 attempts can be made per minute. The probability of successfully authenticating to the module within one minute through random attempts is 60,000/62^16, which is less than 1/100,000. Page 16 6 Access Control Policy 6.1 Roles and Services Table 9 lists each operator role and the services authorized for each role. Table 9 – Services Authorized for Roles 3rd Party SNMP Client(s) Sensor Operator(s) NSP Manager Authorized Services Admin X X X Show Status: Provides the status of the module, usage statistics, log data, and alerts. X Sensor Operator Management: Allows Admin to add/delete Sensor Operators, set their service authorization level, set their session timeout limit, and unlock them if needed. X X* X Network Configuration: Establish network settings for the module or set them back to default values. X X* X Administrative Configuration: Other various services provided for admin, private, and support levels. X X* X Firmware Update: Install an external firmware image through SCP or compact flash. X X* Install with NSM: Configures module for use. This step includes establishing trust between the module and the associated management station. Install with 3rd Party SNMP Client: Configures module for 3rd Party X SNMPv3 use. This step includes establishing trust between the module and the associated 3rd Party SNMP Client. Trust is provided by NSM. X X* Change Passwords: Allows Admin and Sensor Operators to change their associated passwords. Admin can also change/reset Sensor Operators passwords. X X* Zeroize: Destroys all plaintext secrets contained within the module. The “Reset Config” command is used, followed by a reboot. X Intrusion Detection/Prevention Management: Management of intrusion detection/prevention policies and configurations through SNMPv3 and TLS. X Intrusion Detection/Prevention Monitoring: Limited monitoring of Intrusion Detection/Prevention configuration, status, and statistics through SNMPv3. X X* Disable SSH/Console Access: Disables SSH and Console access. * Depending on the authorization level granted by the Admin Page 17 Unauthenticated Services: The cryptographic module supports the following unauthenticated services:  Self-Tests: This service executes the suite of self-tests required by FIPS 140-2.  Intrusion Prevention Services: Offers protection against zero-day, DoS/DDoS, encrypted and SYN Flood attacks, and real-time prevention of threats like spyware, malware, VoIP vulnerabilities, phishing, botnets, network worms, Trojans, and peer-to- peer applications. o Note: This service utilizes the non-Approved algorithms listed above with no security claims. This includes an MD5 hash to identify the “fingerprint” of malware and decryption of SSL-encrypted streams for the purpose of detecting malware and network attacks. (Decryption of SSL-encrypted streams is not supported on the M-1250 and M-1450.) See the list above.  Zeroize: Destroys all plaintext secrets contained within the module. The “NetBoot” process is used. 6.2 Definition of Critical Security Parameters (CSPs) The following are CSPs contained in the module:  Administrator Passwords: Password used for authentication of the “admin” role through console and SSH login. Extended permissions are given to the “admin” role by using the “support” or “private” passwords.  Sensor Operator Passwords: Passwords used for authentication of “user” accounts through console and SSH login. Extended permissions are given to the “user” account by using the “support” or “private” passwords.  3rd Party SNMP Client Privacy and Authentication Keys: Passwords used for authentication of 3rd Party SNMP Clients.  NSM Initialization Secret (i.e., NSM Shared Secret): Password used for mutual authentication of the sensor and NSM during initialization.  Bulk Transfer Channel Session Key: AES 128 bit key used to encrypt data packages across the bulk transfer channel.  SSH Host Private Keys: RSA 2048 bit key used for authentication of sensor to remote terminal for CLI access.  SSH Session Keys: Set of ephemeral Diffie-Hellman or AES, and HMAC keys created for each SSH session.  TLS Sensor Private Key (for NSM): RSA 2048 bit key used for authentication of the sensor to NSM.  TLS Session Keys (for NSM): Set of ephemeral AES and HMAC keys created for each TLS session with the NSM.  Seed for RNG: Seed created by NDRNG and used to seed the Block Cipher (CTR) DRBG. Page 18  DRBG Internal State: V and Key used by the DRBG to generate pseudo-random numbers  Server Private Keys (for SSL network stream analysis): Set of up to 64 Private Keys of servers within the environment protected by the IPS Services. Used to decrypt and analyze incoming network traffic. 6.3 Definition of Public Keys: The following are the public keys contained in the module:  McAfee FW Verification Key: RSA 2048 bit key used to authenticate firmware images loaded into the module.  SSH Host Public Key: RSA 2048 bit key used to authenticate the sensor to the remote client during SSH.  SSH Remote Client Public Key: RSA 2048 bit key used to authenticate the remote client to the sensor during SSH.  TLS Sensor Public Key (for NSM): RSA 2048 bit key used to authenticate the sensor to NSM during TLS connections.  TLS NSM Public Key: RSA 2048 bit key used to authenticate NSM to sensor during TLS connections. Page 19 6.4 Definition of CSPs Modes of Access Table 10 defines the relationship between access to keys/CSPs and the different module services. The types of access used in the table are Read (R), Write (W), and Zeroize (Z). Z* is used to denote that only the plaintext portion of the CSP is zeroized (i.e., the CSP is also stored using an Approved algorithm, but that portion is not zeroized). Table 10 – Key and CSP Access Rights within Services Server Private Keys (for SSL network stream analysis) 3rd Party SNMP Client P and A Keys Bulk Transfer Channel Session Key TLS Sensor Private Key (for NSM) TLS Sensor Public Key (for NSM) SSH Remote Client Public Key McAfee FW Verification Key TLS Session Keys (for NSM) Sensor Operator Passwords NSM Initialization Secret Administrator Passwords SSH Host Private Keys TLS NSM Public Key SSH Host Public Key DRBG Internal State SSH Session Keys Seed for RNG Show Status R R R R R R R R R R Sensor Operator R Management W Network Configuration R R R R R R R R Administrative R R R R R R R R Configuration Firmware Update R R R R R R R R R R R R R R Install with NSM W R R R W W W W W W Install with 3rd Party R SNMP Client W R Change Passwords R R R W R Zeroize Z* Z* Z Z Z Z Z Z Z Z Z Z R R Z Intrusion Detection/Prevention R R R R R Management Intrusion Detection/Prevention R Monitoring Disable SSH/Console Access Self Tests Intrusion Prevention R Services W Page 20 7 Operational Environment The FIPS 140-2 Area 6 Operational Environment requirements are not applicable because the device supports a limited operational environment. 8 Security Rules The cryptographic module’s design corresponds to the module’s security rules. This section documents the security rules enforced by the cryptographic module to implement the security requirements of this FIPS 140-2 Level 2 module. 1. The cryptographic module shall provide four distinct operator roles: Admin, Sensor Operator(s), Network Security Platform Manager, and 3rd Party SNMP Client(s). 2. The cryptographic module shall provide role-based authentication. 3. When the module has not been placed in a valid role, the operator shall not have access to any cryptographic services. 4. The cryptographic module shall perform the following tests: A. Power up Self-Tests: 1. Firmware Integrity Test: XYSSL RSA 2048 using SHA-1 for hashing (Future versions of this Cryptographic Module will validate integrity with a SHA-256 based hash.) 2. Cryptographic algorithm known answer tests (KATs): a. AES ECB 128 Encryption KAT and Decryption KAT b. RSA 2048 Key Generation KAT (Cert. #1598) c. RSA 2048 Signature Generation KAT (Cert. #1598) d. RSA 2048 Signature Verification KAT (Cert. #1598) e. SHA-1 KAT (Cert. #2610) f. SHA-256 KAT (Cert. #2610) g. SHA-512 KAT (Cert. #2610) h. Block Cipher (CTR) DRBG KAT i. HMAC SHA-1 KAT j. HMAC SHA-256 KAT k. HMAC SHA-512 KAT l. XYSSL RSA 2048 Signature Verification KAT (Cert. #1824) (SHA-1 and SHA-256 based signatures) m. XYSSL SHA-1 KAT (Cert. #2922) n. XYSSL SHA-256 KAT (Cert. #2922) o. TLS 1.0/1.1 KDF KAT p. SSH KDF KAT If any of these tests fail the following message will be displayed: !!! CRITICAL FAILURE !!! FIPS 140-2 POST and KAT... REBOOTING IN 15 SECONDS 3. Critical Functions Tests: N/A B. Conditional Self-Tests: 1. Block Cipher (CTR) DRBG Continuous Test 2. SP 800-90A DRBG Section 11.3 Health Checks Page 21 3. NDRNG Continuous Test 4. RSA Sign/Verify Pairwise Consistency Test 5. External Firmware Load Test – XYSSL RSA 2048 using SHA-256 for hashing If the firmware load test fails the following message will be displayed: "Load image with SCP failed." If the pairwise consistency test fails the following message will be displayed: “Pairwise Test Failed”. If the DRBG CRNGT test fails the following message will be displayed: “DRBG stuck”. If the NDRNG CRNGT fails the following message will be displayed: “Entropy source stuck”. 5. At any time the cryptographic module is in an idle state, the operator shall be capable of commanding the module to perform the power up self-test by power cycling. 6. Data output shall be inhibited during key generation, self-tests, zeroization, and error states. 7. Status information shall not contain CSPs or sensitive data that if misused could lead to a compromise of the module. 8. If a non-FIPS validated firmware version is loaded onto the module, then the module is no longer a FIPS validated module. 9. The module shall only support five concurrent SSH operators when SSH is enabled. 10. The use of the Aux ports shall be restricted to the initialization of the cryptographic module. 11. The use of the Compact Flash Port shall be restricted to loading McAfee signed firmware. 9 Physical Security Policy 9.1 Physical Security Mechanisms The cryptographic module includes the following physical security mechanisms:  Production-grade components  Production-grade opaque enclosure with tamper evident labels. Tamper evident labels and further instructions are obtained in the FIPS Kits with the following part numbers: o M-1250/M-1450/M-2750/M-2850/M-2950/M-3050: IAC-FIPS-KT2 o M-4050/M-6050: IAC-FIPS-KT7 9.2 Operator Required Actions For the module to operate in a FIPS Approved mode, the tamper labels shall be placed by the Admin role as specified below. The Admin must clean the chassis of any dirt before applying the labels. Per FIPS 140-2 Implementation Guidance (IG) 14.4, the Admin role is also responsible for the following:  Securing and having control at all times of any unused labels  Direct control and observation of any changes to the module, such as reconfigurations, where the tamper evident labels or security appliances are removed or installed to ensure the security of the module is maintained during such changes and the module is returned to a FIPS Approved state. The Admin is also required to periodically inspect tamper evident labels. Table 11 outlines the recommendations for inspecting/testing physical security mechanisms of the module. If evidence of tamper is found during the periodic inspection, the operator should zeroize the module and modify Administrator Passwords upon start up. The operator should contact McAfee for new Page 22 tamper labels, if necessary. Table 11 – Inspection/Testing of Physical Security Mechanisms Physical Security Recommended Frequency of Inspection/Test Guidance Mechanisms Inspection/Test Details Tamper Evident Labels As specified per end user Visually inspect the labels for policy tears, rips, dissolved adhesive, and other signs of malice. Opaque Enclosure As specified per end user Visually inspect the enclosure policy for broken screws, bent casing, scratches, and other questionable markings. Figure 11 depicts the tamper label locations on the cryptographic module for the M-3050, M- 4050, and M-6050 platforms. There are 6 tamper labels and they are circled in yellow. Figure 11 – Tamper Label Placement (M-3050, M-4050, and M-6050) Page 23 Figure 12 depicts the tamper label locations on the cryptographic module for the M-1250 and M- 1450 platforms. There are 8 tamper labels and they are circled in yellow. Figure 12 – Tamper Label Placement (M-1250 and M-1450) Figure 13 depicts the tamper label locations on the cryptographic module for the M-2750, M- 2850, and M-2950 platforms. There are 5 tamper labels and they are circled in yellow. Figure 13 – Tamper Label Placement (M-2750, M-2850, and M-2950) Page 24 Figure 14 shows a sample Tamper Label. Figure 14 – Tamper Label 10 Mitigation of Other Attacks Policy The module has not been designed to mitigate any specific attacks beyond the scope of FIPS 140-2 requirements. Page 25